Summary In this post I will discuss a Windows Defender Antivirus bypass I discovered and reported to Microsoft on May 26th 2020. The bypass affects the current versions of Windows Defender deployed with Windows Server 2016/2019, where the Web Server role is installed. This post focuses on the road I took to get to the bypass as well, so for the TL;DR go to " Bypassing Windows Defender Antivirus 2016 using automatic exclusions" section. Setting the stage I recently worked on a penetration test for an asp.net application. The setup was pretty standard for a small asp.net application, it was deployed in amazon AWS with a web tier and database tier. The web tier, where the application lived was configured on a Windows 2016 server with the Web Server role installed. This asp.net application integrated with a much larger suite of applications deployed in the same amazon AWS environment (14 other windows servers). Below i've generated some screenshots from some test sys...
application security, bug bounties, security research